none
Secure boot manual logo test RRS feed

  • Question

  • Question on this test.

    When I execute secure boot manual logo from the hck, is it expected to I do all the steps in the readme.txt that is landed on the SUT or is that all automated for me?

    Adding sample below:

    ===============================================================================
    Change History
    ===============================================================================
    1.0.1
        First release
    1.0.2
        FIXED - pressanykey.efi and pressanykey2.efi were incorrectly signed
    1.0.3
        Added History section to README
        Added 32-bit x86 & arm builds of pressanykey applications
        Modified Test 02 to add hashes for all 3 platforms
    1.0.4
        Added production Microsoft KEK
        Added powershell scripts that demonstrate how the tests were created
    1.0.5
        Misc file renames
    1.0.6
        Added automated test and installer
    1.0.7
        Misc file renames.  Updated scripts to support powershell cmdlet parameter
        changes that impact builds >= 8052
    1.0.8
        Restructuring of filenames and directories.
        Replaced self-signed Lost.cer with a certificate chain.  Manual test 01
            appends the Lost CA to "db".  Manual test 03 revokes the "Lost.cer"
            leaf certificate.  All pressAnyKey?.efi apps are re-signed by the new
            "Lost.cer".
        Added "generate\" which contains one set of scripts demonstrating how the
            test certificates were generated and a second set of scripts that
            demonstrate how the signed SetVariable() Data is generated from
            certificates and hashes.  These scripts are functional and should
            execute on recent Windows 8 builds with the most up-to-date
            signtool.exe and makecert.exe installed.
        Added HOWTO Execute documentation
    1.0.9
        Updated with new Microsoft Windows 2011 Certificate
        Added "examples" to demonstrate how to configure Secure Boot for Out of Box
        Added Manual Tests for "explicitly chosen" and other, non-USB boot media
        Added Manual Tests for Lifetime Servicing
    RTM
        Fixed append tests to allow for compaction of "db" & "dbx".  For example
            and append to "db" would append new values to an existing
            EFI_SIGNATURE_LIST rather than appending a new EFI_SIGNATURE_LIST.
        Fixed test case 03-RevokeCertificate.  It now appends the Lost leaf
            certificate rather than the Lost CA certificate.
        Updated the Manual Test instructions to allow user notification on Secure
            Boot failures.
        pressanykey1.efi replaced with pressanykey1.efi
        pressanykey?.efi test apps now display unique banners of ease of use

    ===============================================================================
    HOWTO Execute the Manual Tests
    ===============================================================================

    ~~~~~~~~~~~~~~
    USB Boot Tests -
    The USB Boot Test testcases should be performed twice using 2 different
    configurations.
    ~~~~~~~~~~~~~~

    Test Pass A:
    Reboot the machine and enter the BIOS configuration.  Find the boot order menu
    and set EFI USB to be first in the boot order.  USB should now automatically
    boot when bootable USB media is inserted. 
    Several of the test cases trigger Secure Boot violations.  When this occurs,
    the system may either display a warning message, or it may silently execute the
    next boot option.  They MUST NOT provide a Secure Boot override.  For example,
    they must not prompt the user to press a button which will boot the test
    application.

    Test Pass B:
    Reboot the machine and enter the BIOS configuration.  Find the boot order menu
    and set EFI USB to be last in the boot order.  If a USB stick is inserted at
    boot time, it should not be automatically booted.
    Several of the test cases trigger Secure Boot violations.  When this occurs,
    the system SHOULD display a warning message.  However, they MUST NOT provide
    a Secure Boot override.  For example, they must not prompt the user to press a
    button which will boot the test application.

    • Edited by gshick Wednesday, November 27, 2013 3:27 AM
    Wednesday, November 27, 2013 3:25 AM